com.ibm.crypto.fips.provider

Class SHA2DRBG

java.lang.Object

java.security.SecureRandomSpi

com.ibm.crypto.fips.provider.SHA2DRBG

All Implemented Interfaces:

IHashDrbg, java.io.Serializable

public final class SHA2DRBG
extends java.security.SecureRandomSpi
implements IHashDrbg

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
SHA2DRBG()

Method Summary

Methods

Modifier and Type	Method and Description
protected byte[]	engineGenerateSeed(int numBytes) Part of SecureRandomSpi.
protected void	engineNextBytes(byte[] bytes) Part of SecureRandomSpi.
protected void	engineSetSeed(byte[] seed) Part of SecureRandomSpi.
byte[]	generate(int requested_no_of_bytes, boolean prediction_resistant_requested, byte[] additionalInput) From section 10.1.1.4 of NIST SP 800-90
int	init(java.lang.String algorithm, int bitStrengthRequested, java.nio.ByteBuffer entropySource, boolean predictionResistant) Initialize with the name of a hash algorithm to use, the randomness strength requested, and a source of entropy.
void	instantiate(byte[] nonce, byte[] personalization) From NIST SP 800-90, Appendix F.1.1
void	reseed(byte[] addlInput) From NIST SP 800-90, Appendix F.1.2
void	zeroize() This function zeroizes the class so that nothing is in memory

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SHA2DRBG

public SHA2DRBG()

Method Detail

engineGenerateSeed

protected byte[] engineGenerateSeed(int numBytes)

Part of SecureRandomSpi.

Specified by:

engineGenerateSeed in class java.security.SecureRandomSpi

engineNextBytes

protected void engineNextBytes(byte[] bytes)

Part of SecureRandomSpi.

Specified by:

engineNextBytes in class java.security.SecureRandomSpi

engineSetSeed

protected void engineSetSeed(byte[] seed)

Part of SecureRandomSpi. If instantiating, the first part of the seed is the entropy, and if there is anything left, it is treated as the nonce. If already instantiated, then this is interpreted as a reseed call, otherwise the data layout is treated same as instantiation.

Specified by:

engineSetSeed in class java.security.SecureRandomSpi

init

public int init(java.lang.String algorithm,
       int bitStrengthRequested,
       java.nio.ByteBuffer entropySource,
       boolean predictionResistant)
         throws java.lang.IllegalArgumentException

Initialize with the name of a hash algorithm to use, the randomness strength requested, and a source of entropy.

Specified by:

init in interface IHashDrbg

Parameters:

algorithm -

bitStrengthRequested -

entropySource - may be null, if will drive with SecureRandomSpi

predictionResistant - whether additional entropy will be supplied through the entropySource before generate operations

Returns:

the number of bits of security strength the DRBG will provide (and the entropy the caller must supply through entropySource (if supplied by caller))

Throws:

java.lang.IllegalArgumentException

See Also:

3 of NIST SP800-57 Part1, for Hash function security strengths

instantiate

public void instantiate(byte[] nonce,
               byte[] personalization)

From NIST SP 800-90, Appendix F.1.1

Specified by:

instantiate in interface IHashDrbg

Parameters:

nonce - caller-supplied nonce (optional, may be NULL)

personalization - caller-supplied personalization data (optional, may be NULL) From NIST SP 800-90, Section 10.1.1.2

generate

public byte[] generate(int requested_no_of_bytes,
              boolean prediction_resistant_requested,
              byte[] additionalInput)

From section 10.1.1.4 of NIST SP 800-90

Specified by:

generate in interface IHashDrbg

Parameters:

requested_no_of_bytes -

requested_security_strength -

prediction_resistant -

additionalInput -

Returns:

bytes generated

reseed

public void reseed(byte[] addlInput)

From NIST SP 800-90, Appendix F.1.2

Specified by:

reseed in interface IHashDrbg

zeroize

public void zeroize()

This function zeroizes the class so that nothing is in memory